The second phase of the admin investigation has concluded, and we now have further evidence to share of multilogging across six Templars events in the past month.
A lot of ground has been covered. Since the administrative team was originally tipped off about a dodgy video by LEGOMAN, extensive investigation has ensued to try and decipher what’s really been going on behind the scenes. Since the first post was released, we’ve looked into the past month’s worth of events [including a few events from the end of December]. We finally put together a list of six events with suspected multilogging:
28th December
30th December [The Invasion of SWAT’s capital, Parka]
31st December
4th January
6th January
18th January [Covered already in our first statement]
[Please note that none of the below numbers in this post include Xing’s own account]
24 accounts were tied to multilogging across these 6 events. The following accounts were discussed in the last statement, so refer back to that for more information on them:
EmperorXing, ANiceAndMean, AveTemplaria, CORPSE_CAT81, Floppa000, KangaBoi, LokiBoxK9, Lukeskydiver, Madzomgreal, SierraHawk, Templaria, Xertz, Bobuxman33, Corn.witch, Gio33m, Lightblade, Pandalover
The following 8 accounts were not discussed last time:
AimerTCP [Linked to two different users, Padme and SteveRocksTheBlock. Steve hasn’t been around since the 18th of December. Padme dipped completely on the 29th of September and has since returned just once on the 22nd of January. We believe the account itself was created to be passed around new users.]
GraperTCP [Traced to three users, only one of whom appears potentially relevant: a user who goes by the nickname vegedream enthusiast in the server. This user was active up till the 31st of December. We believe the account itself was also created to be passed around new users.]
YUzu [An earlier username of Tab, who was referenced in the first statement as the original Xertz. Tab hasn’t been active in the Templars server since the 14th of December.]
VibrantLight [Another account linked to Tab. Also used on one occasion by Sugarone89, who hasn’t been active since the day they used the account. ]
Hoteboy1235 [Yet ANOTHER Tab account. Their account has since been loaned out to various users, including at the 6th January event included in this investigation. Tellingly, the account did not flag up as a multilog at this particular event.]
BlizzardG6 [A very unusual case. First mentioned in the server three years ago, way before CPAB. The current account was first used by TCP mod Grap kid/Blizzard back in mid-June. He dropped into inactivity on the 24th of September, and has since only spoken on Christmas Eve and briefly in the early hours of the 30th of December. Handed out temporarily to new users after Grap kid lapsed into inactivity. Only one of them stayed active past initial recruitment: MarkTheSpy. ]
Kaiser [Also linked to Grap Kid/Blizzard, at his own admission. MarkTheSpy also used this account on one occasion on the 10th of December. Because of this, it wasn’t initially clear whether he kept using either this account permanently or the Blizzard one.]
KylianMbappe [No reference could be found in the Templars discord server to this user. Searching it on ROBLOX brought up 1000 different accounts using this nickname…]
Which accounts were at which events?
ANiceAndMean [28th December, 31st December, 4th January, 6th January, 18th January]
AimerTCP [28th December, 31st December, 4th January, 6th January,]
AveTemplaria [28th December, 31st December, 4th January, 6th January, 18th January]
BlizzardG6 [31st December, 4th January, 6th January,]
CORPSE_CAT81 [31st December, 4th January, 6th January, 18th January]
Floppa000 [28th December, 31st December, 4th January, 6th January, 18th January]
GraperTCP [28th December, 31st December, 4th January, 6th January,]
Hoteboy1235 [28th December, 4th January,]
Kaiser [28th December, 4th January, 6th January,]
KangaBoi [28th December, 30th December, 31st December, 4th January, 6th January, 18th January]
KylianMbappe [28th December, 31st December, 4th January, 6th January,]
LokiBoxK9 [31st December, 4th January, 6th January, 18th January]
Lukeskydiver [31st December, 4th January,]
Madzomgreal [4th January, 6th January, 18th January]
SierraHawk [31st December, 4th January, 6th January,]
Templaria [28th December, 30th December, 31st December, 4th January, 6th January,]
VibrantLight [28th December, 30th December, 31st December, 4th January, 6th January, 18th January]
Xertz [28th December, 31st December, 4th January, 6th January,]
YUzu [28th December, 30th December, 4th January, 6th January, 18th January]
Bobuxman33 [28th December, 30th December, 4th January, 18th January]
Corn.witch [30th December, 31st December, 4th January, 6th January, 18th January]
Gio33m [30th December, 31st December, 4th January, 6th January, 18th January]
Lightblade [28th December, 31st December, 4th January, 6th January, 18th January]
Pandalover [31st December, 4th January, 6th January, 18th January]
To break it down in a more readable format:
15 accounts were multilogged on the 28th of December
7 accounts were multilogged on the 30th of December
18 accounts were multilogged on the 31st of December
All 24 involved accounts were multilogged across the event on the 4th of January.
21 accounts were multilogged on the 6th of January.
14 accounts were multilogged on the 18th of January.
Needless to say, this is an incredibly shocking prospect, especially on the 4th and 6th. Nevertheless, we are confident that the above information is correct.
Logic and Reasoning
From this, we went to look deeper to try and establish more solid proof that multilogging had indeed occurred. When reaching our conclusion, the following factors/discoveries were considered:
- We contacted Templars on the 30th of January and gave them the list of penguins/events so that they had an opportunity to defend themselves. We gave them 5 days. They did not respond before this deadline.
- 9 IP addresses were connected to Xing’s CPAB account across the period investigated. For the 6 addresses relevant to this investigation, each IP address could be linked to a specific event. In the other 3 cases, no multilogging occurred.
- Similar disconnection times between accounts in some cases.
-
- On the 30th of December, 6 of the 7 accounts involved disconnected at 01:10am GMT, along with Xing’s own account.
- On the 31st of December, 13/18 accounts disconnected at 01:00am GMT. The other 5 accounts all disconnected at either 00:59 or 01:01.
- On the 6th of January, all but 17/21 accounts disconnected at 01:00am GMT, with the other 4 disconnecting at 01:01.
4. In our previous investigation into the 18th of January event, we discussed the case of the ‘Xertz’ account. The ‘Xertz’ account was initially being used by Xing before a real user [believed to be Phenix] took the account over. All of this was distinctly reflected in the logs and provided more conclusive proof that multilogging was occurring. We decided to look into individual accounts again to see what we could find.
Results From Individual Accounts
We investigated the following accounts in this manner:
Corn.witch, ANiceAndMean, SierraHawk, HoteBoy1235, Floppa000, CORPSE_CAT81, AveTemplaria, GraperTCP
Each account had a varying number of IP addresses linked to it.
Corn.witch was linked to 11 different IP addresses. 5 of these were under IP addresses linked to XIng. However, with the other 6 addresses Corn.witch attended Templars events without any such connection. In fact, one of these 6 occasions was on the 28th of December, one of the events that we are investigating for multilogging. In itself, this may not appear to be that useful information. But, what it actually means is we can be more sure than before that multilogging definitely did occur, as CPAB is definitely correctly logging when accounts are being used by real people and when accounts are being multilogged by a single user. You can clearly see the difference in the logs.
Looking into SierraHawk, AveTemplaria, CORPSE_CAT81 and ANiceAndMean yielded similar results. We could clearly identify where a genuine person was using either account and where Xing was multilogging and in both cases, this was found at events where multilogging did take place. In the case of CORPSE_CAT81, this was even found at two multilogged events [28th December and 30th December].
GraperTCP was the only account we looked into that apparently had zero connection to a real user at any point over the past month. Each of the 4 IP addresses linked to it was also associated with Xing.
Looking into Floppa000 and HoteBoy1235 produced the most valuable results yet: two new cases of the ‘Xertz’ situation seen in the last investigation.
In the case of HoteBoy1235, only 3 IP addresses were associated with his account. 2 of the 3 were cases where Xing multilogged the account. The third had three separate events tied to it, immediately grabbing our attention.
At the 4th of January event, Xing originally multilogged this account from :23 to :27. At :27, this got disconnected and the connection moved to the above-mentioned third IP address, where the account remained logged in from 00:27 till 1:11am GMT.
Floppa000 provides an even more damning version of this. Floppa000 has 7 IP addresses attached to it, of which 4 were instances of Xing multilogging it. At the 4th of January event, Floppa000 logs in on an IP address not associated with Xing at :29. It then disconnects at :41 and reconnects at the same moment to a new IP address which is associated with Xing. What makes this specific case interesting is that this new connection only lasts for about a minute before the connection moves back to the original IP address, where it stays for the remainder of the event.
In a nutshell, a genuine user logged into Floppa000, Xing kicked them off and multilogged it before the real user logged back in, thus kicking Xing off. This is further conclusive evidence that multilogging has occurred within Templars.
Further Complication (The 30th December Event)
As briefly referenced at the start of this statement, the event that Xing multilogged at on the 30th of December was in fact the invasion of SWAT’s capital: Parka.
This brings into question whether the recent war between SWAT and the so-called Circus Alliance [ACP, Templars, Help Force and Dark Vikings] was also tainted by Templars’ multilogging. We haven’t investigated this yet.
However, Xing’s multilogging at the capital invasion is evident, and we have decided to take action based on this alone.
Action Taken
Given the overwhelming evidence and elimination of alternative explanations, we are satisfied that multilogging occurred at these six events. We took action regarding the 18th of January event last time, so that hasn’t factored into our decisions. However, the following penalties have been applied to Templars:
- The events investigated will be removed from past top tens. This may affect Templars’ placements, more details will follow shortly after this post releases regarding this. This will be enacted over the next day or two.
- A size multiplier of x0.6 will be applied to Templars’ size points for the next 4 weeks on the Top Ten.
- We will be reviewing a force treaty from SWAT and putting it in effect against Templars. We will not be recognising Templars’ dropping off all their land in accordance with this and instead will transfer all of their land to SWAT.
Future Intentions + What Went Wrong
It is our intention to continue investigating for potential multilogging in 2022. However, in the interests of practicality and how much time has passed, we will not be taking any further action against Templars if we find further multilogging at their normal events.
Since the release of our first statement on this issue, we’ve received some requests regarding looking into larger events such as the two wars between Templars [among other armies] and SWAT, Christmas Chaos and Legends Cup. Discussions are still ongoing on how to handle things if we do find multilogging occurred in any of these places, although we have reached the following decisions already:
- No action will be taken regarding the first war between SWAT and Templars because of how long ago it was.
- We’ve already decided to put in place a force treaty against Templars from SWAT regarding the second war.
- There will be no replays of battles to account for multilogging found at Legends Cup or Christmas Chaos.
We hope to release a final post detailing any further findings in the interests of transparency with the wider community. This won’t happen until the entirety of CPAB’s logs has been investigated through [about 9 months’ worth of data] so this likely won’t be released any time in the immediate future.
We’re sure this entire statement will provoke another common reaction: Why is this the first anyone’s heard of this?
As referenced before, an investigation was carried out into Templars during the summer. At the time, the process by which we checked for multilogging was less precise. Repeating checks were sometimes necessary due to logins being missed, which is also still a factor to a lesser extent today. Most importantly, key information that we have access to as part of today’s process which proved essential in this investigation wasn’t available as part of the old process.
To put it a lot more simply, the system we use has gotten a lot better compared to when the original major investigation was carried out. We can’t elaborate much further than this as we don’t want to disclose any information that might help people multilog without being caught.
As ever, Club Penguin Armies does not condone multilogging and will punish it severely where found.
That is all the CPA administration has to say at this time.
How fucking dare you!
“To put it a lot more simply, the system we use has gotten a lot better compared to when the original major investigation was carried out.”
It doesn’t seem like it if it is detecting multilogging when no multilogging took place LMAO
[…] perfect run came to an end with a multilogging exposé in January 2023. Special Weapons and Tactics further rubbed salt in the Templars’ wounds by forcing them to […]